Risk and Opportunity Register 


Date raised Risk ID 


No. 


1 


2 


26/01/18 


19/09/18 


Number 


R1 


R8 


Opportunity/risk description (opportunities Type Theme 
shaded in blue) 
The way we exit the European Union, and the External Legal 


accompanying uncertainty, impacts on our 
ability to deliver functions, including significant 
impact on ICO services supporting businesses. 
In particular in relation to the status of 
transfers, legal cooperation and the ICO's role 
in EDPB. 


ICO fails to maintain and develop strategic Strategic Policy 
international relationships which impact on UK 

global data protection and privacy concerns’ — 

this covers EU and US relationships as well as 

other international relationships which are 

needed to UK public’s interests are protected 


Current 
Probability 


4.0 


4.0 


Current 
Impact 


4.0 


4.0 


Current 
Overall 
priority 


Direction Proximity Strategic 


Same <> Medium Corporate 
term 


Same <> Medium Corporate 
term 


Target 
Probability 


Target 
Impact 


Target 
Overall 
Priority 


Risk and Opportunity Register 
No. Dateraised RiskID Opportunity/risk description (opportunities Type 
Number shaded in blue) 


Theme Current Current Current Direction Proximity Strategic Target Target Target 
Probability Impact Overall Probability Impact Overall 
priority Priority 


3.0 4.0 Same <> Medium Corporate 
term 


3 27/09/18 R10 Failure to deliver statutory codes of practice External Policy 
within the prescribed timeframes and in a way 
that delivers the outcomes we desire as a 
regulator 


4 13/04/18 R11 ICO fails to deal with issues arising from Internal/ Reputation 3.0 4.0 Same <> Shortterm Corporate 


Operation Cederberg in a timely and effective External 
way; in particular in relation to the public 
challenge to ICO regulatory decisions. 


Risk and Opportunity Register 


No. Dateraised RiskID Opportunity/risk description (opportunities Type Theme Current Current Current Direction Proximity Strategic Target Target Target 
Number shaded in blue) Probability Impact Overall Probability Impact Overall 
priority Priority 

5 30/06/17 R2 As a growing regulator and public service Internal People 3.0 4.0 Same <> Medium Corporate 


provider we fail to build a service culture, with term 
staff engaged in delivering reliable and 
responsive services which relate to the needs 
of our varied customers and stakeholders. 


6 01/04/18 R21 Cyber security - risk that malicious or External IT 3.0 4.0 Same <> Longterm Corporate 
inadvertent system compromise occurs 
affecting the confidentiality, integrity or 
availability of our information 


Risk and Opportunity Register 


No. Dateraised RiskID Opportunity/risk description (opportunities Type Theme Current Current Current Direction Proximity Strategic Target Target Target 
Number shaded in blue) Probability Impact Overall Probability Impact Overall 
priority Priority 


7 ( J re) 4 rtunity 1 


8 01/04/17 R29 ICO is not a relevant, tech savvy regulator. External Policy Same <> Medium Corporate 


term 


Risk and Opportunity Register 
No. Dateraised RiskID Opportunity/risk description (opportunities 
Number shaded in blue) 


9 28/06/17 R3 ICO fails to meet expectations when dealing 
with its regulatory action priorities in a timely 
and effective way; and hence does not meet 
the wide range of expectations of 
stakeholders. 


10 01/04/17 R4 ICO fails to have the organisational capacity to 
respond to current demand for our public 
services 


Type 


Internal/ 
External 


Internal/ 
External 


Theme 


Reputation 


Ops 


Current 
Probability 


3.0 


3.0 


Current 
Impact 


4.0 


4.0 


Current 
Overall 
priority 


Direction Proximity Strategic 


Target 
Probability 


Target 
Impact 


Down | Medium Corporate 


term 


Target 
Overall 
Priority 


Risk and Opportunity Register 
No. Dateraised RiskID Opportunity/risk description (opportunities 
Number shaded in blue) 


11 30/07/18 R46 Our financial forecasts are inaccurate and we 
fail to accurately predict fee income and 
expenditure requirements 


12 27/11/18 R61 The impact of unpredictable and/or significant 
litigation costs on financial forecasts and 
budgets 


13 19/02/19 R71 The ICO does not successfully inform the 
future regulation of online harms which 
undermines its role as the UK's information 
rights regulator. 


Type 


Internal 


Internal 


External 


Theme 


Finances 


Finances 


Policy 


Current 
Probability 


4.0 


3.0 


3.0 


Current Current Direction Proximity Strategic 


Impact Overall 
priority 


3.0 Same <& Medium 
term 


4.0 Same <> Medium 
term 


4.0 Same <> Medium 
term 


Corporate 


Corporate 


Corporate 


Target 
Probability 


Target 
Impact 


Target 
Overall 
Priority 


Risk and Opportunity Register 


Date raised Risk ID 


No. 


14 


30/04/19 


Number 


R73 


Opportunity/risk description (opportunities Type Theme 
shaded in blue) 
As a rapidly expanding organisation we fail to Internal Legal 


introduce the necessary infrastructure and 
culture to ensure appropriate compliance with 
all relevant legal and other obligations 
expected of a modern regulator 


Current 
Probability 


4.0 


Current 
Impact 


3.0 


Current 
Overall 
priority 


Direction Proximity Strategic 


Same <> Medium Corporate 
term 


Target 
Probability 


Target 
Impact 


Target 
Overall 
Priority 


